Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.

ASTERISK-29476

Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406

Some databases depending on their configuration using backslashes
for escaping. When combined with the use of ' this can result in
a broken func_odbc query.

This change adds a SQL_ESC_BACKSLASHES dialplan function which can
be used to escape the backslashes.

This is done as a dialplan function instead of being always done
as some databases do not require this, and always doing it would
result in incorrect data being put into the database.

ASTERISK-29838

Change-Id: I152bf34899b96ddb09cca3e767254d8d78f0c83d

The disabledevents setting has been added to the general section
in manager.conf, which allows users to specify events that
should be globally disabled and not sent to any AMI listeners.

This allows for processing of these AMI events to end sooner and,
for frequent AMI events such as Newexten which users may not have
any need for, allows them to not be processed. Additionally, it also
cleans up core debug as previously when debug was 3 or higher,
the debug was constantly spammed by "Analyzing AMI event" messages
along with a complete dump of the event contents (often for Newexten).

ASTERISK-29853 #close

Change-Id: Id42b9a3722a1f460d745cad1ebc47c537fd4f205

pbx.digium.com no longer accepts IAX2 calls and
there are no plans for it to come back.

Accordingly, nonworking IAX2 URIs are removed from
both the LICENSE file and the sample config.

ASTERISK-29923 #close

Change-Id: I257c54d4d812ed6b4bd4cbec2cd7ebe2b87b5bad

Whereas BLFs allow to show a display name for each RLS entry,
the asterisk provides only the extension now.
This is not end user friendly.

This commit adds a new resource_list option, resource_display_name,
to indicate whether display name of resource or the resource name being
provided for RLS entries.
If this option is enabled, the Display Name will be provided.
This option is disabled by default to remain the previous behavior.
If the 'event' set to 'presence' or 'dialog' the non-empty HINT name
will be set as the Display Name.
The 'message-summary' is not supported yet.

ASTERISK-29891 #close

Change-Id: Ic5306bd5a7c73d03f5477fe235e9b0f41c69c681

added res_pjsip_outbound_registration to .requires in AST_MODULE_INFO
which fixes issue with module crashes on load "FRACK!, Failed assertion"

ASTERISK-29871

Change-Id: Ia0f49d048427a40e1b763296b834a52a03610096

Change-Id: I886936b808def5540d40071321e72f6bfa19063a

Adds a new option, defaultenabled, to the CDR core to
control whether or not CDR is enabled on a newly created
channel. This allows CDR to be disabled by default on
new channels and require the user to explicitly enable
CDR if desired. Existing behavior remains unchanged.

ASTERISK-29808 #close

Change-Id: Ibb78c11974bda229bbb7004b64761980e0b2c6d1

Fixes 12pm noon incorrectly returning 0/a.m.
Also fixes a misspelling typo in the config.

ASTERISK-29695 #close

Change-Id: Ie40f9618636eb4c483b449bd707a5dcffca5c406

Adds an AMI event for a wink frame.

ASTERISK-29830 #close

Change-Id: I83e426de5e37baed79a4dbcc91e9e8d030ef1b56

Includes some minor updates to extensions.conf
and iax.conf. In particular, the demonstration
of macros in extensions.conf is removed, as
Macro is deprecated and will be removed soon.
These examples have been replaced with examples
demonstrating the usage of Gosub instead.

The older exten => ...,n syntax is also mostly
replaced with the same keyword to demonstrate the
newer, more concise way of defining extensions.

IAXTEL no longer exists, so this example is replaced
with something more generic.

Some documentation is also added to extensions.conf
and iax.conf to clarify some of the new expanded
encryption capabilities with IAX2.

ASTERISK-29758 #close

Change-Id: I04fba9671aa1ee9ba1bd5027061f80bbe38e7b46

Correct typos of the following word families:

password
excludes
undesirable
checksums
through
screening
interpreting
database
causes
initiation
member
busydetect
defined
severely
throughput
recognized
counter
require
indefinitely
accounts

ASTERISK-29714

Change-Id: Ie8f2a7b274a162dd627ee6a2165f5e8a3876527e

The search for a running asterisk when --running is used
has been greatly simplified and in the event it doesn't
work, you can now specify a pid to use on the command
line with --pid.

The search for asterisk modules when --tarball-coredumps
is used has been enhanced to have a better chance of finding
them and in the event it doesn't work, you can now specify
--libdir on the command line to indicate the library directory
where they were installed.

The DATEFORMAT variable was renamed to DATEOPTS and is now
passed to the 'date' utility rather than running DATEFORMAT
as a command.

The coredump and output files are now renamed with DATEOPTS.
This can be disabled by specifying --no-rename.

Several confusing and conflicting options were removed:
--append-coredumps
--conffile
--no-default-search
--tarball-uniqueid

The script was re-structured to make it easier for follow.

Change-Id: I674be64bdde3ef310b6a551d4911c3b600ffee59

In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.

ASTERISK-29402

Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557

The behavior of max_contacts and remove_existing are connected.  If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact.  Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.

This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing.  If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.

ASTERISK-29525

Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784

Adds the ability for users to log to custom log levels
by providing custom log level names in logger.conf. Also
adds a logger show levels CLI command.

ASTERISK-29529

Change-Id: If082703cf81a436ae5a565c75225fa8c0554b702

This allows the STUN server to change its IP address without having to
reload the res_rtp_asterisk module.

The refresh of the name resolution occurs first when the module is
loaded, then recurringly, slightly after the previous DNS answer TTL
expires.

ASTERISK-29508 #close

Change-Id: I7955a046293f913ba121bbd82153b04439e3465f

This changeset is intended to address compatibility issues encountered
when interfacing Asterisk to electromechanical telephone switches that
implement ANI-B, ANI-C, or ANI-D.

In particular the behaviours that this impacts include:

 - FGC-CAMA did not work at all when using MF signaling. Modified the
   switch case block to send calls to the correct part of the
   signaling-handling state machine.

 - For FGC-CAMA operation, the delay between called number ST and
   second wink for ANI spill has been made configurable; previously
   all calls were made to wait for one full second.

 - After the ANI spill, previous behavior was to require a 'ST' tone
   to advance the call.  This has been changed to allow 'STP' 'ST2P'
   or 'ST3P' as well, for compatibility with ANI-D.

 - Store ANI2 (ANI INFO) digits in the CALLERID(ANI2) channel variable.

 - For calls with an ANI failure, No. 1 Crossbar switches will send
   forward a single-digit failure code, with no calling number digits
   and no ST pulse to terminate the spill.  I've made the ANI timeout
   configurable so to reduce dead air time on calls with ANI fail.

 - ANI info digits configurable.  Modern digital switches will send 2
   digits, but ANI-B sends only a single info digit.  This caused the
   ANI reported by Asterisk to be misaligned.

 - Changed a confusing log message to be more informative.

ASTERISK-29518

Change-Id: Ib7e27d987aee4ed9bc3663c57ef413e21b404256

Allow mapping pjproject log messages to the Asterisk TRACE
log level.  The defaults were also changes to log pjproject
levels 3,4 to DEBUG and 5,6 to TRACE.  Previously 3,4,5,6
all went to DEBUG.

ASTERISK-29582

Change-Id: I859a37a8dec263ed68099709cfbd3e665324c72d

Meter types are not well supported,
lacking support in telegraf, datadog and the official statsd servers.
We deprecate meters and provide a compliant fallback for any existing usages.

A flag has been introduced to allow meters to fallback to counters.


ASTERISK-29513

Change-Id: I5fcb385983a1b88f03696ff30a26b55c546a1dd7

A new user option, answer_channel, adds the capability to
prevent answering the channel if it hasn't already been
answered yet.

ASTERISK-29440

Change-Id: I26642729d0345f178c7b8045506605c8402de54b

By default Asterisk reports the PJSIP version in a SOFTWARE attribute
of every STUN packet it sends. This may not be desired in a production
environment, and RFC5389 recommends making the use of the SOFTWARE
attribute a configurable option:

https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2

This patch adds a `stun_software_attribute` yes/no option to make it
possible to omit the SOFTWARE attribute from STUN packets.

ASTERISK-29434

Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b

RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm.  The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred.  We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.

The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.

It doesn't stop there though... Each realm can require a
different username from the others.  There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.

So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header.  We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.

In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.

NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5.  We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5.  When we support the
others, we'll move the check into the loop that searches the
objects.

Changes:

 * Added a new API ast_sip_retrieve_auths_vector() that takes in
   a vector of auth ids (usually supplied on a call to
   ast_sip_create_request_with_auth()) and populates another
   vector with the actual objects.

 * Refactored res_pjsip_outbound_authenticator_digest to handle
   multiple Authenticate headers and set the stage for handling
   additional digest algorithms.

 * Added a pjproject patch that allows them to ignore digest
   algorithms they don't support.  This patch has already been
   merged upstream.

 * Updated documentation for auth objects in the XML and
   in pjsip.conf.sample.

 * Although res_pjsip_authenticator_digest isn't affected
   by this change, some debugging and a testsuite AMI event
   was added to facilitate testing.

Discovered during OpenSIPit 2021.

ASTERISK-29397

Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281

Although Asterisk can receive and propogate flash events, it currently
provides no mechanism for doing anything with them itself.

This AMI event allows flash events to be processed by Asterisk.
Additionally, AST_CONTROL_FLASH is included in a switch statement
in channel.c to avoid throwing a warning when we shouldn't.

ASTERISK-29380

Change-Id: Ie17ffe65086e0282c88542e38eed6a461ec79e81

STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.

The origid field should also be an UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c

During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.

We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.

The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d

ASTERISK-27477 #close

Change-Id: I68f6715bba92a525149e35d142a49377a34a1193

Change-Id: I2f76867ce02ec611964925159be099de83346e38

I missed the changes in 18 and master in the previous review.

ASTERISK-24434 #close

Change-Id: Ieb132b2a998ce96daa9c9acf26535a974b895876

Change-Id: Iff0e713f2120d8dce8e1e26924b99ed17f9d9dff

ASTERISK-24631 #close

Change-Id: I8bf8776906a72ee02f24de6a85345940b9ff6b6f

Also removed the sample documentation, and some oddly-placed
documentation about the timeout argument to the Queue() application
itself. There is a large section on the timeout behavior below.

ASTERISK-26614 #close

Change-Id: I8f84e8304b50305b7c4cba2d9787a5d77c3a6217

ASTERISK-24434 #close

Change-Id: I0144e8d65d878128da59dcf3df12ca8cee47d6db

minargs enables enforcing of minimum count of arguments to pass to
func_odbc, so if you're unconditionally using ARG1 through ARG4 then
this should be set to 4.  func_odbc will generate an error in this case,
so for example

[FOO]
minargs = 4

and ODBC_FOO(a,b,c) in dialplan will now error out instead of using a
potentially leaked ARG4 from Gosub().

ARGC is needed if you're using optional argument, to verify whether or
not an argument has been passed, else it's possible to use a leaked ARGn
from Gosub (app_stack).  So now you can safely do
${IF($[${ARGC}>3]?${ARGV}:default value)} kind of thing.

Change-Id: I6ca0b137d90b03f6aa9c496991f6cbf1518f6c24
Signed-off-by: Jaco Kroon <jaco@uls.co.za>

ASTERISK-29244

Change-Id: I1862d58264c2c8b5d8983272cb29734b184d67c5

Add option "srtpreplayprotection" rtp.conf to enable srtp
replay protection.

ASTERISK-29260
Reported by: Alexander Traud

Change-Id: I5cd346e3c6b6812039d1901aa4b7be688173b458

If there's no secret specified for an iax2 peer and there's no secret
specified in the dial string, Asterisk will crash if the auth method
requested by the peer is MD5 or plaintext.  You also couldn't specify
a default auth method in the [general] section of iax.conf so if you
don't have static peers defined and just use the dial string, Asterisk
will still crash even if you have a secret specified in the dial string.

* Added logic to iax2_call() and authenticate_reply() to print
  a warning and hanhup the call if encryption is requested and
  there's no secret or auth method.  This prevents the crash.

* Added the ability to specify a default "auth" in the [general]
  section of iax.conf.

ASTERISK-29624
Reported by: N A

Change-Id: I5928e16137581f7d383fcc7fa04ad96c919e6254

As described in the issue, /tmp is not a suitable location for a
large amount of cached media files, since most distributions make
/tmp a RAM-based tmpfs mount with limited capacity.

I opted for a location that can be configured separately, as opposed
to using a subdirectory of spooldir, given the different storage
profile (transient files vs files that might stay there indefinitely).

This commit just makes the cache directory configurable, but leaves
it at /tmp by default, to ensure backwards compatibility.

A future commit that only targets master could change the default
location to something more sensible such as /var/tmp/asterisk. At
that point, the cachedir could be created and cleaned up during
uninstall by the Makefile script.

ASTERISK-29143

Change-Id: Ic54e95199405abacd9e509cef5f08fa14c510b5d

Change-Id: I79cc693cd5a6e5dd7d403b7e91d970ff1ddf8306

Currently any response from res_curl where we get an answer from the
web server, regardless of what the response is (404, 403 etc.) Asterisk
currently treats it as a success. This patch allows you to set which
codes should be considered as a failure by Asterisk. If say we set
failurecodes=404,403 then when using curl in realtime if a server gives
a 404 error Asterisk will try to failover to the next option set in
extconfig.conf

ASTERISK-28825

Reported by: Dovid Bender
Code by: Gobinda Paul

Change-Id: I94443e508343e0a3e535e51ea6e0562767639987